On 2013-12-03 16:39, Francis Daly wrote:
> On Tue, Dec 03, 2013 at 04:13:03PM -0500, Ian Evans wrote:
>> Hi there,
>>> Yesterday, I discovered that someone had registered a site
>> (basically
>> taking our domain name and adding a word to it) and then framed our
>> whole site in theirs. By that I mean it's a full iframe job, with no
>> toolbars showing.
>> nginx sees the http request coming from the client.
>> Look at the http headers that you see getting to your nginx, when you
> request your site directly.
>> Look at the http headers that you see getting to your nginx, when you
> go to their site.
>> Play "spot the difference".
>> Most likely, the only some-bit reliable difference is in the Referer:
> header. But maybe you can see something else, when you use the
> browsers
> that you care about.
>>> Not sure what they're up to, but I'd like to stop it. I know I can
>> use
>> a framebuster, but I'm wondering what I can do on the nginx.conf end
>> to
>> stop them dead in their tracks so not an ounce of our bandwidth goes
>> to
>> them.
>> You can't, reliably.
>> You can, for browsers that send a Referer: header of their site,
> return
> different content -- either a simple rejection using something like
>http://nginx.org/r/valid_referers; or tailored content that indicates
> what you think of the framing site, or whatever else you can imagine.
>
Thanks for the info. I'll have to take a look. I'm also hoping to get
them shut down as I've talked to their registrar. I'm hoping they
grabbed a whole bunch of domains to vampire and not just mine. If it was
just us, that'd be creepy